I have such problem: party $X$ has an amount of money $M$, which it needs to share with $n$ other parties. Every week the amount of money is different.
Let say not, that I am a party A, which is one ...

Is it possible to develop a scheme where two parties, unsure if they have the same secret, can verify that the other does or does not share the same secret, without one party being able to cheat and ...

I'm not sure if this belongs here, but my friend and I were wondering if there was a good algorithm to exchange random coin flips to make some random decision between two untrusted parties without the ...

I would like to use a PRG in order to achieve the commitment properties (i.e. Hiding and Binding), however, if we look at a general PRG we cannot state that it has the Binding property.
First I show ...

I want to create a lottery that works like this: I choose a secret number A in the range [0:999] and publish an object B. People must try to guess the number A to win. When somebody wins, I want to ...

I'm learning the POK notion and definitions and as a self exercise I wante to prove the statement that the Hamiltonicity protocol is a POK system with knowledge error $1/2$.
So the question will be ...

Assuming a publicly known set $\Psi$ with $N$ unique elements.
I have a set $\Sigma=\{\sigma_1,\sigma_2,...,\sigma_m\}$ where $m\leqslant N$. I would like to publicly prove that all the elements in ...

I'm trying to design cryptographic protocol to play Rock-Paper-Scissors with two parties, neither trusting each other, nor trusting server they use for communication, so game is 'provably fair'.
So ...

Alice and Bob want to agree on a bit $0$ or $1$. Both know it would be fair to pick that at random, but there's no way they could meet to throw a dice and no third party they could trust. Are there ...

Zero-knowledge proofs with soundness, completness and zero-knowledge enable a prover to convince a verifier that a witness validates successfully a predicate without giving any information about the ...

Does any of you know what is the difference between the Pedersen commitment and the commitment that uses the ElGamal encryption scheme?
For the sake of completeness, I recall what both of them look ...

I want to do a one-sided integer commitment scheme. I.e. the whole process must be non-interactive where I at one point first publicly reveal some data and then at a later time reveal the committed ...

I want to use a hash function for commitments. I don't want an attacker to construct a commitment related to a previously published (but still unopened) commitment.
A simple deterministic commitment ...

For a certain application I need a commitment scheme where each user could make a commitment, and a single verification operation could verify all the commitments simultaneously, faster than single ...